Hello Mark,

Where can I find these articles that you talk about? Do you have a URL for those articles?

Thank you :)

=====
"Will a woman forget her baby, and cease to have compassion on the child of her womb? Though they may forget, I will not forget you" Isa 40:27
=====

Sincerely,
Pedro Iran Mendez Perez

-----Original Message-----
From: Mark-Walter@xxxxxxxxxxx [mailto:Mark-Walter@xxxxxxxxxxx]
Sent: Wednesday, November 03, 2004 04:25 PM
To: php-general@xxxxxxxxxxxxx
Subject: SQL-Injection, XSS and Hijacking

Hi,

I have now read quite a lot of articles about SQL-Injection, XSS and session hijacking, hopefully in an appropriate way.

As I understand it, the functions addslashes(), quote_meta() and mysql_real_escape_string() are to avoid SQL Injection, e.g. in order to use page_sliding with entered POST data over forms with $_REQUEST parameters, while strip_tags(), htmlentities() and utf8_decode() are useful to have a clean output within the browser by not having arbitrary code within.

For session authentication, PEAR::Auth is used.

I just wanted to ask if there's more to take care of.

--
Best Regards,

Mark

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
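The split the thread describes (one treatment for data going into SQL, another for data going out to the browser), as an added example that is not part of the original messages. It uses PDO bound parameters rather than the escaping functions named above; the table, the input values and the in-memory SQLite database are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: constructed table and input, not code from the thread.
// Assumes the pdo_sqlite extension so it runs without a database server.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed form input: a quote that would break a concatenated query,
// plus markup that the browser would interpret if echoed unencoded.
$author = "O'Brien";
$body   = "nice post <script>alert(1)</script>";

// SQL context: bound parameters keep data out of the statement text,
// so the value is stored unmodified and no escaping call is needed.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$insert->execute([':author' => $author, ':body' => $body]);

// Paging value as it might arrive in $_REQUEST (constructed). It is not a
// valid integer, so validation falls back to the default page 1.
$page = filter_var('2; DROP TABLE comments', FILTER_VALIDATE_INT,
                   ['options' => ['default' => 1, 'min_range' => 1]]);
$perPage = 10;

// LIMIT/OFFSET are bound with an explicit integer type.
$select = $pdo->prepare('SELECT author, body FROM comments ORDER BY id LIMIT :lim OFFSET :off');
$select->bindValue(':lim', $perPage, PDO::PARAM_INT);
$select->bindValue(':off', ($page - 1) * $perPage, PDO::PARAM_INT);
$select->execute();

// HTML context: encode when writing the page, not when storing the row,
// with the quote style and charset stated explicitly.
foreach ($select->fetchAll(PDO::FETCH_ASSOC) as $row) {
    printf("<p><b>%s</b>: %s</p>\n",
        htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'));
}
```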